Web-based security with controlled access to data and resources
Abstract
A stand-alone security system controlling access to secured information and self-service functionality for a sponsor organization, usable for Web-based and IVR-based self-service functions, having five primary facets: (1) control of access to secured information and self-service functionality for a sponsor organization, (2) enabling access to users having indirect relationships to the sponsor organization and to users having a direct relationship with the sponsor organization, (3) distribution of security administration from a central information technology resource to various users of the security system, (4) support for integration into different kinds of environments, and (5) support for system integrators. Key components of access control include (1) association of a userId with one specific person, (2) identification of keys to data in back-end systems and association of those keys with the system users, (3) definition of pieces (segments) of an organization so that permissions are granted based on the pieces instead of the entire organization, (4) definition of roles that a user has based on the functionality to which he has been given permission, (5) a single sign-on for a user who has multiple reasons to use the system, and (6) support for direct and indirect assignment of business functions. A consequence of facet (2) is that the user's employer must identify a person who legally binds that employer and a person who handles day-to-day security administration for the employer. Facet (3) enables multiple levels of distribution, including enabling one organization to delegate its rights to another organization.
Claims
exact text as granted — not AI-modifiedWe claim:
1 . A stand-alone security system controlling access to secured information and self-service functionality for a sponsor organization, comprising:
means for controlling access to secured information and self-service functionality for the sponsor organization; means for enabling access to users who have indirect relationships to the sponsor organization as well as to users who have a direct relationship with the sponsor organization; means for distributing security administration from a central information technology resource to various users of the security system; means for supporting integration into different kinds of environments; and means for supporting system integrators who need to interface with and use information in the security system in order to execute their business functions.
2 . The security system of claim 1 , wherein the means for controlling access includes means for supporting access to business functions that may not be in control of the sponsor organization, but may be at another organization.
3 . The security system of claim 1 , wherein the means for controlling access includes means for approving access for an entity and granting access to people within the entity.
4 . The security system of claim 1 , wherein the means for controlling access includes means for categorizing entities into entity types for purposes of controlling access to the security system and for determining which business functions are appropriate for an entity.
5 . The security system of claim 1 , wherein the means for controlling access includes means for supporting users who are people associated with an entity.
6 . The security system of claim 1 , wherein the means for controlling access includes means for supporting the use of a single user ID for a given user in multiple contexts.
7 . The security system of claim 1 , wherein the means for controlling access includes means for supporting an AKA Name for a user.
8 . The security system of claim 1 , wherein the means for controlling access includes means for creating different roles for different users.
9 . The security system of claim 1 , wherein the means for controlling access includes means for determining user roles in multiple ways.
10 . The security system of claim 1 , wherein the means for controlling access includes means for presenting to a user when the user logs on a menu of business functions that contains only those business functions that the user's role allows.
11 . The security system of claim 1 , wherein the means for controlling access includes means for delegating by entities to third parties with which they have a relationship.
12 . The security system of claim 11 , wherein the means for delegating by entities includes means for tracking a chain of delegation by a 3-tuple of data comprising a chain identifier of the delegation, the level of the delegation, and the parent party to the delegation.
13 . The security system of claim 1 , wherein for entities having data about them in a back-end system of a sponsor organization, the means for controlling access includes means for capturing access identifiers that provide the connection to that data.
14 . The security system of claim 1 , wherein the means for controlling access includes means for controlling access to information and functionality on a site based on the access identifiers of the entity that are assigned to the user and the business functions that are assigned to the user.
15 . The security system of claim 1 , wherein the means for controlling access includes means for enabling large organizations with multiple access identifiers to define subsets of themselves for purposes of controlling access to the subsets rather than the entire organization.
16 . The security system of claim 1 , wherein the means for controlling access includes means for controlling and keeping records of the fact that users of the site have agreed to or acknowledged the conditions for using the site prior to their use of the site.
17 . The security system of claim 1 , wherein the means for controlling access includes means for providing for session management at a Web site once a user has logged onto the Web site.
18 . The security system of claim 1 , wherein the means for controlling access includes means for enabling administrators to manage the status of users so that only users who are active can perform functions.
19 . The security system of claim 1 , wherein the means for enabling access to users includes means for allowing users to be people who are not previously known to any sponsor organization, but have an indirect relationship to the sponsor organization through their employers.
20 . The security system of claim 1 , wherein the means for enabling access to users includes means for requiring that the user's employer must identify a person who legally binds that employer and a person who handles day-to-day security administration for the employer.
21 . The security system of claim 1 , wherein the means for enabling access to users includes means for supporting multiple registration alternatives.
22 . The security system of claim 1 , wherein the means for distributing security administration includes means for distributing some of the security administration rights to System Application Owners and based on the business functions implemented by the System Application.
23 . The security system of claim 1 , wherein the means for distributing security administration includes means for distributing security administration to entities using the Web site in order to perform day-to-day account administration and to System Application Owners controlling business functions available on the Web site to grant those business functions and manage the access identifiers that the business functions need.
24 . The security system of claim 1 , wherein the means for supporting integration into different kinds of environments includes means for installing the security system at different sponsor organizations.
25 . The security system of claim 1 , wherein the means for supporting integration into different kinds of environments includes means allowing differences in configuration for different sponsor organizations.
26 . The security system of claim 1 , wherein the means for supporting integration into different kinds of environments includes means for integrating and blending into a port of origin between an unsecured section of the port of origin and a secured section of the port of origin.
27 . The security system of claim 1 , wherein the means for supporting integration into different kinds of environments includes means for integrating the security system with third party security software for providing an additional level of security for directory access protection.
28 . The security system of claim 26 , wherein the means for integrating and blending includes means for adapting to the look and feel of the port of origin, means for adjusting some content of the security system depending on the port of origin and means for defining the navigation paths of the security system to the functions that it offers.
29 . The security system of claim 1 , wherein the means for supporting system integrators includes means for receiving information from back-end systems for changing security profiles of entities and users.
30 . The security system of claim 1 , wherein the means for supporting system integrators includes means for notifying back-end systems of additions and changes to security profiles for entities and users.Join the waitlist — get patent alerts
Track US2003154403A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.